External signature and OCSP

by mtrekker

I am using a smartcard to sign PDF data, then I add those bytes into
PKCS7:

PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);
pk7.SetExternalDigest(rsadata, digest, "RSA");

I have a few questions regarding OCSP:

1) My PKCS12 certificate container doesn't have an OCSP URL. I am using a
predefined URL to validate the certificate. Will a missing URL in the
certificate be a problem when adding OCSP response bytes into PKCS7? How
does Reader re-validate the certificate if the URL is missing?

2) When should I add OCSP response bytes into PKCS7 when using an external
signature? I understand that it should be done before signing a PDF content
hash, right?

_______________________________________________
itextsharp-questions mailing list
itextsharp-questions@...
https://lists.sourceforge.net/lists/listinfo/itextsharp-questions

Re: External signature and OCSP

by Paulo Soares-3

If you are using an external signature it's up to you to put the OCSP inside it, iTextSharp has no control over it.

Paulo


Re: External signature and OCSP

by mtrekker

Paulo,

Can you be more specific and explain to me what you mean by saying
iTextSharp has no control over it?

If I am using SetExternalDigest then can I use a solution similar to the one
described here:
http://itextpdf.sourceforge.net/howtosign.html#signtsocspcs ? Or what
functionality do I need to include the OCSP response inside the PDF?


Re: External signature and OCSP

by mtrekker

What API should I use when using an external signature and I want to include an OCSP response?

Paulo Soares-3 wrote:
If you are using an external signature it's up to you to put the OCSP inside it, iTextSharp has no control over it.

Paulo

Re: External signature and OCSP

by Paulo Soares-3

No idea, it depends on what you use to sign. As I said that's a process
external to iTextSharp.

Paulo


Re: External signature and OCSP

by mtrekker

I am using a smartcard to sign SignatureAppearance, then I add those
bytes using SetExternalDigest.

Paulo, you say that I can't add OCSP response bytes when using the
SetExternalDigest API call?
See my current pseudocode below.

// locate signer on smartcard
PKCS11Signer signer = LocateSigner(smartCard);
// compute hash
byte[] digest = ComputeHash(sap);
// sign hash
byte[] rsadata = SmartCardSign(smartCard, signer, digest);
// get chain
X509Certificate[] chain = LocateCerts(signer);
// PKCS#7 envelope
PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);
// add external signature
pk7.SetExternalDigest(rsadata, digest, "RSA");
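
On question 2 of the first post and the pseudocode above: iTextSharp's PdfPKCS7 places the OCSP response among the signed (authenticated) attributes, so with an external signer the response has to be in hand before the card signs, and the card signs the encoded attributes rather than the bare content hash. The sketch below is an added example, not code from the thread or from iTextSharp; it assumes the iTextSharp 5.x signatures of `GetAuthenticatedAttributeBytes` and `GetEncodedPKCS7`, and `signOnCard` is a hypothetical callback standing in for the smartcard call.

```csharp
using System;
using iTextSharp.text.pdf;
using Org.BouncyCastle.X509;

static class ExternalOcspSigning
{
    // documentHash : SHA-1 digest of the PDF byte ranges being signed
    // basicOcspResp: DER-encoded BasicOCSPResponse already fetched from the
    //                responder (for example from a predefined URL); may be null
    // signOnCard   : hypothetical callback; the card must produce a
    //                SHA1withRSA signature over the bytes it is given
    public static byte[] BuildCms(byte[] documentHash,
                                  X509Certificate[] chain,
                                  byte[] basicOcspResp,
                                  Func<byte[], byte[]> signOnCard)
    {
        if (documentHash == null || documentHash.Length != 20)
            throw new ArgumentException("expected a 20-byte SHA-1 digest");
        if (chain == null || chain.Length == 0)
            throw new ArgumentException("signer certificate chain is required");

        // One timestamp, reused below: it is part of the signed attributes.
        DateTime signingTime = DateTime.Now;

        // No private key (it lives on the card). hasRSAdata is false here,
        // unlike the post, because the content hash travels as an attribute.
        PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", false);

        // Encoded signed attributes: content hash, signing time and, when
        // supplied, the OCSP response. These bytes are what gets signed.
        byte[] toBeSigned =
            pk7.GetAuthenticatedAttributeBytes(documentHash, signingTime, basicOcspResp);

        byte[] signature = signOnCard(toBeSigned);
        if (signature == null || signature.Length == 0)
            throw new InvalidOperationException("card returned no signature");

        // Hand the externally produced signature to the PKCS#7 builder.
        pk7.SetExternalDigest(signature, null, "RSA");

        // Pass the same hash, time and OCSP bytes again; any difference makes
        // the embedded attributes disagree with what the card signed.
        return pk7.GetEncodedPKCS7(documentHash, signingTime, null, basicOcspResp);
    }
}
```

A validator that receives a signature built this way can check the revocation status from the embedded response, and adding or swapping the response after the card has signed invalidates the signature.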
